03-22-2017 11:36 AM - edited 02-21-2020 09:12 PM
Hello All,
I am using a Cisco 4331 with Sec k9.
Even though we have configured 112 aggressive mode IPSec tunnels, the router's "show platform software cerm-information" output shows we have 224 tunnels and is not allowing us to configure new tunnels.
<Router># show platform software cerm-information
Crypto Export Restrictions Manager(CERM) Information:
CERM functionality: ENABLED
----------------------------------------------------------------
Resource Maximum Limit Available
----------------------------------------------------------------
Tx Bandwidth(in kbps) 85000 D
Rx Bandwidth(in kbps) 85000 D
Number of tunnels 225 1
Number of TLS sessions 1000 1000
Resource reservation information:
D - Dynamic
-----------------------------------------------------------------------
Client Tx Bandwidth Rx Bandwidth Tunnels TLS Sessions
(in kbps) (in kbps)
-----------------------------------------------------------------------
VOICE 0 0 0 0
IPSEC D D 224 N/A <-------------- How does the router show 224 tunnels when I have only 1112 tunnels on the router?
SSLVPN D D 0 N/A for every site it shows in the log it uses 2 tunnels
Statistics information:
Failed tunnels : 420
Failed sessions : 0
Failed tx bandwidth: 0
Failed rx bandwidth: 0
Failed encrypt pkts: 0
Failed decrypt pkts: 0
Failed encrypt pkt bytes: 0
Failed decrypt pkt bytes: 0
Passed encrypt pkts: 0
Passed decrypt pkts: 0
Passed encrypt pkt bytes: 0
Passed decrypt pkt bytes: 0
We are getting the below errors:
*Mar 22 11:48:40.025 UTC: %CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.
Currently we are using the below licenses on the router:
<Router> #show license
Index 1 Feature: appxk9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 2 Feature: uck9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 3 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 5 Feature: FoundationSuiteK9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: AdvUCSuiteK9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 7 Feature: cme-srst
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: 0/0 (In-use/Violation)
License Priority: None
Index 8 Feature: hseck9
Index 9 Feature: throughput
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 10 Feature: internal_service
Do I require an HSEC license to solve this issue? And will an HSEC license work in this scenario?
Regards,
Ranjit
04-21-2017 06:32 AM
Resolved; it was a license issue.